Re: AW: AW: signature verification failed

[Fang Jian]

Werner,

This XML message is obtained after XMLCanonicalizer
formats it. I traced the code and it seems that the
Handler also does XMLCanonicalizer first before
processing the message. Thus, I don't think this is
the reason for the problem. I also removed the
XMLCanonicalizer and sent the real captured request
obtained by Ethereal to the server, the server throwed
out the same error message:

Processing Incoming Message !
Oct 12, 2005 9:43:04 AM
org.apache.ws.security.components.crypto.CryptoFactory
loadClass
INFO: Using Crypto Engine
[org.apache.ws.security.components.crypto.Merlin]
Oct 12, 2005 9:43:05 AM
org.apache.xml.security.signature.Reference verify
WARNING: Verification failed for URI "#id-15308417"
Oct 12, 2005 9:43:05 AM
com.sun.xml.ws.transport.http.servlet.WSServletDelegate
doPost
SEVERE: caught throwable
java.lang.ExceptionInInitializerError
        at
org.apache.ws.security.WSSecurityEngine.verifyXMLSignature(WSSecurityEngine.java:628)
        at
org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:320)
        at
org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:245)
        at
com.jtv.core.ws.security.handler.WSS4JHandler.DecodeSMC(WSS4JHandler.java:549)
        at
com.jtv.core.ws.security.handler.WSS4JHandler.processMessage(WSS4JHandler.java:222)
        at
com.jtv.core.ws.security.handler.WSS4JHandler.handleIncoming(WSS4JHandler.java:131)
        at
com.jtv.core.ws.security.handler.WSS4JHandler.handleMessage(WSS4JHandler.java:147)
        at
com.jtv.core.ws.security.handler.WSS4JHandler.handleMessage(WSS4JHandler.java:73)
        at
com.sun.xml.ws.handler.HandlerChainCaller.callProtocolHandlers(HandlerChainCaller.java:556)
        at
com.sun.xml.ws.handler.HandlerChainCaller.internalCallHandlers(HandlerChainCaller.java:329)
        at
com.sun.xml.ws.handler.HandlerChainCaller.callHandlers(HandlerChainCaller.java:274)
        at
com.sun.xml.ws.protocol.soap.server.SOAPMessageDispatcher.callHandlersOnRequest(SOAPMessageDispatcher.java:300)
        at
com.sun.xml.ws.protocol.soap.server.SOAPMessageDispatcher.access$000(SOAPMessageDispatcher.java:66)
        at
com.sun.xml.ws.protocol.soap.server.SOAPMessageDispatcher$SoapInvoker.invoke(SOAPMessageDispatcher.java:440)
        at
com.sun.xml.ws.protocol.soap.server.SOAPMessageDispatcher.receive(SOAPMessageDispatcher.java:115)
        at com.sun.xml.ws.server.Tie.handle(Tie.java:89)
        at
com.sun.xml.ws.transport.http.servlet.WSServletDelegate.doPost(WSServletDelegate.java:373)
        at
com.sun.xml.ws.transport.http.servlet.WSServlet.doPost(WSServlet.java:81)
        at
javax.servlet.http.HttpServlet.service(HttpServlet.java:767)
        at
javax.servlet.http.HttpServlet.service(HttpServlet.java:860)
        at
com.jtv.core.ws.endpoint.EndpointTestCase.runEndpointTest(EndpointTestCase.java:196)
        at
com.jtv.core.ws.endpoint.example.handlerresult.SignatureEndpoint_UT.runEndpointTest2(SignatureEndpoint_UT.java:25)
        at
com.jtv.core.ws.endpoint.example.handlerresult.SignatureEndpoint_UT.testSignature(SignatureEndpoint_UT.java:12)
        at
sun.reflect.NativeMethodAccessorImpl.invoke0(Native
Method)
        at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
        at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
        at java.lang.reflect.Method.invoke(Method.java:585)
        at
junit.framework.TestCase.runTest(TestCase.java:154)
        at
junit.framework.TestCase.runBare(TestCase.java:127)
        at
junit.framework.TestResult$1.protect(TestResult.java:106)
        at
junit.framework.TestResult.runProtected(TestResult.java:124)
        at
junit.framework.TestResult.run(TestResult.java:109)
        at junit.framework.TestCase.run(TestCase.java:118)
        at
org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.runTests(RemoteTestRunner.java:478)
        at
org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.run(RemoteTestRunner.java:344)
        at
org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.main(RemoteTestRunner.java:196)
Caused by: java.lang.RuntimeException: Can't find
bundle for base name org.apache.ws.security.errors,
locale en_US
        at
org.apache.ws.security.WSSecurityException.<clinit>(WSSecurityException.java:48)
        ... 36 more
[Fatal Error] :-1:-1: Premature end of file.

The strange thing is that if the client connects to
the server directly, the signature verification works
fine.

Thank you for your help,

Jian

--- "Dittmann, Werner" <[EMAIL PROTECTED]>
wrote:

> Jian,
> 
> the request etc seems ok for me. Because it is a
> verification problem I guess it is a usual problem
> of some "pretty printing" after the request was
> signed.
> 
> If this is the real captured request then I'm pretty
> sure that some driver, some transport, etc modified
> the
> request after it got signed by WSS4J. Very often we
> see that drivers or XML serializers insert blanks,
> tabs,
> and newlines in the request before they put it on
> the
> wire. Can you crosscheck that?
> 
> Regards,
> Werner



                
__________________________________ 
Yahoo! Music Unlimited 
Access over 1 million songs. Try it free.
http://music.yahoo.com/unlimited/

---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]